CVE-2017-5532

A vulnerability in the report renderer component of TIBCO JasperReports
Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports
Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO
JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with
Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO
Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may
allow a subset of authorized users to perform persistent cross-site
scripting (XSS) attacks. Affected releases are TIBCO JasperReports Server
6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, TIBCO JasperReports Server
Community Edition 6.4.0 and below, TIBCO JasperReports Server for
ActiveMatrix BPM 6.4.0 and below, TIBCO JasperReports Library 6.2.3 and
below; 6.3.0; 6.3.1; 6.3.2; 6.4.0; 6.4.1, TIBCO JasperReports Library for
ActiveMatrix BPM 6.4.1 and below, TIBCO Jaspersoft for AWS with
Multi-Tenancy 6.4.0 and below, TIBCO Jaspersoft Reporting and Analytics for
AWS 6.4.0 and below, TIBCO Jaspersoft Studio 6.2.3 and below; 6.3.0; 6.3.1;
6.3.2; 6.4.0, and TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.4.0 and
below.

Notes